Troy doesn't understand users. I know how this stuff works and the blog post had me snoozing.
Users don't have room in their brain for both "encrypted" and "hashed". All they care about is if they are secure, and if some pro tells them the vendor is lying.
Why should they be expected to know?
They are receiving an email from a professional IT specialist who couldn't even figure out how this stuff works.
It's the vendor's job to get it right, and lawyers and activists' role to hold them accountable.